
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov



APPLICATION NO.: 09/965,736
FILING DATE: 09/27/2001
FIRST NAMED INVENTOR: Gregory Alan Flurry
ATTORNEY DOCKET NO.: AUS920010571US1
CONFIRMATION NO.: 7214

7590 04/11/2005

Joseph R. Burwell
Law Office of Joseph R. Burwell
P.O. Box 28022
Austin, TX 78755-8022

EXAMINER: DINH, MINH
ART UNIT: 2132
PAPER NUMBER:

DATE MAILED: 04/11/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary 


Application No. 

09/965,736 


Applicant(s) 

FLURRY ET AL 


Examiner

Minh Dinh 


Art Unit 

2132 




-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --

Period for Reply



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [ ] Responsive to communication(s) filed on .

2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-38 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-38 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 27 September 2001 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [X] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)
Paper No(s)/Mail Date 9/27/2001 .

4) [ ] Interview Summary (PTO-413)
Paper No(s)/Mail Date. .

5) [ ] Notice of Informal Patent Application (PTO-152)

6) [ ] Other: .



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 20050323 



Application/Control Number: 09/965,736 Page 2 

Art Unit: 2132 

DETAILED ACTION 

1. Claims 1-38 have been examined.

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

3. Claims 1, 3, 16, 18 and 31 are rejected under 35 U.S.C. 102(a) as being 
anticipated by Mishra et al ("Security Services Markup Language"). Mishra discloses a 
method comprising receiving from a client a request to access a resource protected by 
an application service provider (ASP) aggregator service, wherein the ASP aggregator 
service provides single sign-on functionality for a plurality of net-sourced applications, 
wherein at least one of the net-sourced applications is hosted by an ASP; in response to 
a determination that the client or a user of the client has not been properly authenticated 
by the ASP aggregator service for a current client session, requiring the client or the 
user of the client to successfully complete an authentication process (Section 3.1,
Scenario #1: User-Driven Transactions (Single Sign-On)); and sending to the client a
response to the request received from the client, wherein the response is accompanied
by an aggregator token, wherein the aggregator token comprises the URL of an
authentication engine that provides logon service (Section 3.1, Scenario #1:
User-Driven Transactions (Single Sign-On); Section 4.3, Authentication (Auth) and
Authorization (Az) Services, pages 15-16; figure on page 29).

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 2, 4-5, 17, 19-20 and 32-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Mishra as applied to claims 1, 16 and 31 above, and further in view
of Gupta et al (6,226,752). 

Regarding claims 2, 4, 17, 19 and 32-33, Mishra does not disclose that the URL 
is that of a logon Web page. Gupta discloses a method for providing single sign-on 
service utilizing the URL of a login server as a redirection address and the login server 
is configured such that a login Web page is the default Web page for that URL (col. 12, 
lines 13-41). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the Mishra method such that the URL of the login service 
is also the URL of a login Web page, as taught by Gupta. The motivation for doing so 
would have been to facilitate user's login process when the login server is configured 
with the username and password mechanism. 

Regarding claims 5, 20 and 34, Mishra discloses that an application service
provider (ASP) receives a request for service accompanied with an aggregator token
from a client and the ASP determines whether the user of the client has been properly
authenticated (Section 4.4, Assertion Validity). However, Mishra does not teach what
the ASP does if it is determined that the user has not been properly authenticated. Gupta
discloses a method for accessing a resource at an ASP protected by a login server
providing ASP aggregator service. In particular, Gupta discloses that if the ASP 
determines that a user has not been properly authenticated, the ASP will send to the 
client a response indicating a URL of a login Web page at the login server as a redirect 
destination so that the user can be authenticated, and, upon successful authentication, 
the login server redirects the user's request accompanied by an aggregator token to the 
ASP (Abstract; col. 7, lines 1-15; fig. 3 and corresponding text). It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify 
the Mishra method such that if the ASP determines that a user has not been properly 
authenticated, the ASP will send to the client a response indicating a URL of a login 
Web page at the login server as a redirect destination so that the user can be 
authenticated, and, upon successful authentication, the login server redirects the user's 
request accompanied by an aggregator token to the ASP, as taught by Gupta. The 
motivation for doing so would have been that the process does not require any 
interaction from the user (col. 7, lines 19-23). Since the ASP needs the URL of the 
authentication engine that performs the login service to redirect the user's request and 
there is more than one authentication engine (figure on page 8), it would be obvious
by the combination of Mishra and Gupta above for the ASP to extract the URL from the
token so that the ASP knows which authentication engine the user's request should be 
redirected to. 

6. Claims 6-8, 10-15, 21-23, 25-30 and 35-38 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Mishra in view of Gupta. 

Regarding claims 6-7, 11, 13-14, 21-22, 26, 28-29, 35-36 and 38, Mishra
discloses that an ASP receives a request for service accompanied with an aggregator 
token from a client, the aggregator token being originated from an ASP aggregator 
service that provides single-sign-on functionality for a plurality of net-sourced 
applications, wherein at least one of the net-sourced applications is the net-sourced 
application hosted by the ASP (Section 3.1, Scenario #1: User-Driven Transactions
(Single Sign-On); Section 4.3, Authentication (Auth) and Authorization (Az) Services,
pages 15-16). Mishra also discloses that the aggregator token comprises the URL of an
authentication engine that provides logon service to a user (Section 3.1, Scenario #1:
User-Driven Transactions (Single Sign-On); Section 4.3, Authentication (Auth) and
Authorization (Az) Services, pages 15-16). Mishra further discloses that the ASP 
determines whether the user of the client has been properly authenticated (Section 4.4, 
Assertion Validity). However, Mishra does not teach what the ASP and the ASP 
aggregator service do if it is determined that the user has not been properly 
authenticated. Gupta discloses a method for accessing a resource at an ASP protected
by a login server providing ASP aggregator service. In particular, Gupta discloses that if
the ASP determines that a user has not been properly authenticated, the ASP will send
to the client a response indicating a URL of a login Web page at the login server as a 
redirect destination. Gupta also discloses that the login server receives the redirect 
request, requires the user to successfully complete an authentication process, extracts 
the identifier of the ASP from the redirect request and sends a response to the client 
indicating the identifier of the ASP as a redirect destination (Abstract; col. 7, lines 1-15; 
fig. 3 and corresponding text). It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to modify the Mishra method such that if the ASP 
determines that a user has not been properly authenticated, the ASP sends to the client 
a response indicating a URL of a login Web page at the login server as a redirect 
destination and the login server receives the redirect request, requires the user to 
successfully complete an authentication process, extracts the identifier of the ASP from 
the redirect request and sends a response to the client indicating the identifier of the 
ASP as a redirect destination, as taught by Gupta. The motivation for doing so would 
have been that the process does not require any interaction from the user (col. 7, lines 
19-23). Since the ASP needs the URL of the authentication engine that performs the 
login service to redirect the user's request and there is more than one authentication
engine (figure on page 8), it would be obvious by the combination of Mishra and Gupta 
above for the ASP to extract the URL from the token so that the ASP knows which 
authentication engine the user's request should be redirected to. 

Regarding claims 8, 23 and 37, Mishra further discloses that the ASP determines 
the validity of the token (Section 4.4, Assertion Validity). 

Regarding claims 10, 12, 15, 25, 27 and 30, Mishra does not disclose that the
URL is that of a logon Web page. Gupta discloses a method for providing single
sign-on service utilizing the URL of a login server as a redirection address and the login
server is configured such that a login Web page is the default Web page for that URL
(col. 12, lines 13-41). It would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify the Mishra method such that the URL of the
login service is also the URL of a login Web page, as taught by Gupta. The motivation
for doing so would have been to facilitate user's login process when the login server is 
configured with the username and password mechanism. 

7. Claims 9 and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Mishra in view of Gupta as applied to claims 6 and 21 above, and further in view of 
McCarty et al (US Pub. No. 2002/0029269). Mishra does not disclose that access to 
the resource is controlled by the ASP on a subscription basis. McCarty discloses a 
method for accessing resource at an ASP using ASP aggregator service, the resource 
being controlled by the ASP on a subscription basis (paragraphs 0015-0016, 0055, 
0067-0068). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the combined method of Mishra and Gupta such that 
access to the resource is controlled by the ASP on a subscription basis, as taught by 
McCarty. The motivation for doing so would have been to present a seamless user 
interface as a user accesses different web-based external systems, while maintaining 
the independence of the external systems (paragraph 0012). 




Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U.S. Patent No. 6,584,505 to Howard et al. 

U.S. Patent No. 6,421,768 to Purpura

U.S. Patent No. 6,668,322 to Wood et al. 

U.S. Patent Application Publication No. 2002/0010776 to Lerner

European Patent Application Publication No. 1 089 516 A2 to Grandcolas et al 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 571-272-3802. 
The examiner can normally be reached on Mon-Fri: 10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 